There is a long line of self-interested intruders ready and willing to capture this valuable data, and as our reliance on digital information has grown, so have the threats. Large concentrations of data, mobile devices, and the need to keep the data useful has all added to the vulnerability of our information technology. While our information system has worked to make our data more secure, the threats of attack and the divulging of information has become ever more prevalent. Information security is an ongoing process that can never quite meet the challenge of the security threats.
Security threats originate from three sources. There are internal threats from corrupt employees, external threats that originate from external attacks on the system, and system failure. While direct attacks may compromise the data, system failure can cause a loss of information or system shutdown. While developing a system of access control minimizes attacks, system failures are dealt with through a system of redundancy and audit tracking. These systems are open to compromise by direct attack or well meaning employees that practice lax security measures.
The security of a database or network often begins with access control. At the system level this may mean the use of passwords. Passwords are easily compromised and are often shared for the purposes of convenience. Levels of granting only necessary access to a system or a file have been more helpful as data is made available only on a need to know basis. However, in a fast paced team environment, this may require man-hours that far exceed the realistic value of the security. According to Hu, Ferrariolo, and Kuhn, "If a single permission is incorrectly configured, a user will either be ineffective in performing his/her duties or will be given access to unintended information and systems, which could result in undermining the security posture of the organization" (36).